Hi James,

On Thu, Feb 9, 2012 at 7:37 AM, James Annesley <james.annes...@infoshare-is.com> wrote:

> Hi,
>
> Two questions:
>
> Introduction:
>
> I use Rampart 1.5.0 and Axis2 1.5.1. The SOAP server is WCF and it works
> ok. The policy is embedded in the SOAP and the AXIS2 client works after
> engaging Rampart without specifying a policy file.
>
> The authentication is done on the SOAP server. For each client request the
> username and password are inserted into the ServiceClient's Options object.
> The strange thing is that Rampart also authenticates the username and
> password.
>
> Question 1) Why does Rampart do its own authentication? I believe Rampart
> is needed in order to interpret the WS-Security SOAP messages - but I don't
> need it to do anything else.

Rampart provides a callback mechanism which provides you the username and password included in the incoming UsernameToken for authentication (when you use a plain text password). This callback handler, which you implement as a part of the service, carries out the authentication. If for some reason you do not want to authenticate at this point but would rather authenticate at the service implementation, that is still possible by obtaining the security processing results from the message context of the incoming request.

> Question 2) Really what I would like to do is leverage Tomcat's login
> features and still authenticate via the current system. I don't want to
> have to import all the authenticated users to the tomcat database and would
> prefer not having to implement something new on the SOAP server. I realise
> this might be more appropriate for the tomcat list. Any ideas?

I'm not sure what you mean here.

Thanks,
Ruchith
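
The password callback described in the reply above, sketched as an added example; it is not part of the original message and is not Rampart's own code. It assumes the WSS4J 1.5.x API that ships with Rampart 1.5; the class name `DelegatingPasswordCallbackHandler` and the `CredentialChecker` interface are hypothetical stand-ins for a hook into an existing authentication system.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class DelegatingPasswordCallbackHandler implements CallbackHandler {

    // Hypothetical hook into the authentication system already in use.
    public interface CredentialChecker {
        boolean isValid(String username, String password);
    }

    private final CredentialChecker checker;

    // No-argument constructor for configuration by class name.
    // The default checker is a placeholder that rejects every login.
    public DelegatingPasswordCallbackHandler() {
        this(new CredentialChecker() {
            public boolean isValid(String username, String password) {
                return false;
            }
        });
    }

    public DelegatingPasswordCallbackHandler(CredentialChecker checker) {
        this.checker = checker;
    }

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            // Plain-text UsernameToken: the handler receives the password the
            // sender supplied and decides whether to accept it.
            if (pwcb.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                throw new UnsupportedCallbackException(cb, "Only plain-text UsernameToken is handled");
            }
            String user = pwcb.getIdentifer(); // method name as spelled in WSS4J 1.5.x
            String pass = pwcb.getPassword();
            // Same error for unknown user and wrong password; never log the password.
            if (user == null || pass == null || !checker.isValid(user, pass)) {
                throw new UnsupportedCallbackException(cb, "Authentication failed");
            }
        }
    }
}
```

Throwing from `handle` makes security processing of the incoming message fail, so the request is rejected before it reaches the service implementation.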